Uber Fined Record $324 Million In Netherlands For Transferring Sensitive EU Driver Data To U.S.
Key Facts
The Dutch Data Protection Authority said its investigation found Uber had transferred the personal data of European cab drivers—including taxi licenses, IDs, location data, photos, payment details, and “in some cases even criminal and medical records,” to the U.S.
The agency said Uber transferred this data to the U.S. for over two years without proper transfer tools designed to protect user privacy—in violation of the EU’s General Data Protection Regulation (GDPR).
Uber ended this violation and has implemented the proper safeguards since late last year, the Dutch DPA said.
According to Bloomberg, the $324 million penalty is the biggest issued by the Dutch DPA and the biggest fine Uber has faced globally.
Forbes has reached out to Uber for comment, but the company told Bloomberg the fine is “completely unjustified,” claiming it was compliant with the laws and will file an appeal.
Crucial Quote
“In Europe, the GDPR protects people's fundamental rights by requiring companies and governments to handle personal data with care. But outside Europe, this is unfortunately not the case…This is why companies are usually obliged to take extra measures if they store personal data of Europeans outside the European Union,” Dutch DPA Chair Aleid Wolfsen said, adding Uber’s violation was “very serious.”
Key Background
Earlier this year, the Dutch DPA fined Uber $11 million (€10 million) for how it handled the retention of drivers’ personal data. The agency found Uber had not properly laid out terms and conditions for how long it retains driver personal data. The DPA also found Uber’s process for allowing drivers to make personal data access requests “unnecessarily complicated.” Both the previous fine and the latest one stem from an investigation launched by the Dutch agency in response to a complaint filed by 170 French drivers with the country’s privacy regulator. The investigation was handed over to the Dutch DPA, since Uber’s EU operations are headquartered in the Netherlands. Under the EU’s GDPR laws, violating companies can be fined up to 4% of their annual global revenue.
Comments
Post a Comment